
Re: [Xen-devel] [PATCH] xsm/flask: improve unknown permission handling

On 12/04/2014 10:37 AM, David Vrabel wrote:
> On 03/12/14 18:42, Andrew Cooper wrote:
>> XSA-37 was only an XSA because the rules at the time were unclear as to
>> whether it was an issue or not.  At the same time, the rules were
>> clarified to state that issues in a debug build only are not security
>> issues.
> Given that we occasionally ask our customers to run debug versions of
> Xen to diagnose particular problems I think this policy should change
> (if not by the Xen project security team, then at least internally).

Well, given that debug builds *already*, by design, crash on a lot of
things that don't crash in production, then you are already increasing
their risk of a host crash just by giving them that build.  If
increasing the risk of a host crash isn't acceptable, then you should
stop giving them debug builds.

Alternately, maybe we can add an option either at compile time or at
boot time for ASSERTs not to crash for your situation.

But the fact that we have ASSERTs at all means that we *expect* debug
builds to crash.  If that's not what we want we need to get rid of the
ASSERTs entirely.


Xen-devel mailing list


